TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

Getting your clients to accept legal advice that could impact the user experience on a website is an uphill battle, but is the tide of that battle shifting?

Certainly, some lawyer, somewhere, two decades ago, had a knock-down, drag-out with his Web development team about how important it would be to obtain a “seasonable expression of acceptance” (yep, just broke out the Uniform Commercial Code on this blog) to ensure that the company website’s Terms of Service and Privacy Policy would remain enforceable. He lost.

In the brief history of the Internet, websites have been dominated by the “shrink wrap” acceptance mechanism for Terms of Service and Privacy Policies. That is, users who visit the sites don’t have to do anything particular to accept these agreements, but instead accept these agreements by virtue of their visitation. Although courts have been willing to enforce these documents to the extent that they are reasonable and not too invasive, trying to enforce anything other than cursory protections is risky at best.

Our cars will soon be talking to one another. They will send messages about their location, speed, acceleration, size, position, and turn-signal status, and they will use that information to tell us what our fellow drivers are doing on the road around us. These future cars will alert us to what we can’t see coming around the corner, helping us avoid potential crashes.

Vehicle-to-vehicle (V2V) communication is an interesting example of how the Internet of Things (IoT) will soon affect our daily lives. Last week, we provided a brief introduction to the IoT in part one of this series. Part two discusses recent regulatory and industry developments related to V2V communications technology and focuses specifically on regulatory and industry responses to privacy issues.

Last week, we discussed three important changes to California’s data breach law that become effective January 1, 2015. Part two of this series looks at the data breach report recently released by the California Attorney General.

California Data Breach Report

In October, the California Attorney General’s data breach report presented key findings on breaches occurring in California and recommendations for lawmakers and affected industries. Notable findings and recommendations from the report are summarized below.

  • Data breaches are on the rise. Among other findings, the report found that the number of data breaches in California increased by 28% from 2012 to 2013, with “intentional unauthorized intrusions into computer systems” showing the biggest increase among breach categories and accounting for 53% of reported incidents.

Data breaches continue to make headlines, ringing alarms for companies at risk and for the regulators who look to control the risks involved. Recent actions by California’s legislature and Attorney General are key developments by state government authorities and are likely signals of similar actions that other states will take. In part one of this two-part series, we discuss California’s newly amended data breach statute. In part two, we will discuss the recently released data breach report by California’s Attorney General.

California’s New Data Breach Law

On September 30, California’s governor signed Assembly Bill No. 1710 into law, which makes three important changes to California’s data breach statute.

Is the Internet of Things the next big thing? From the cloud to Big Data to software robots, it seems there is always a new buzzword for emerging technologies. According to Gartner, the Internet of Things (IoT) is the buzzword of the moment, as it recently reached the peak of the “Hype Cycle.” In the first post of this two-part series, we take a quick look at (1) the meaning of the IoT, (2) what analysts are saying about its future, and (3) some key legal issues related to the IoT.

What is the Internet of Things?

A universally accepted definition of the IoT does not yet exist. Perform a simple web search and you will find many variations on what the IoT encompasses. One particularly helpful definition comes from McKinsey Global Institute, which defines what it calls the “Internet of All Things” as, “Linking machinery, equipment, and other physical assets with networked sensors and actuators to capture data and manage performance, enabling machines to collaborate and even act on new information independently.”

Big Data: It is in the news every day, and industry researchers can't say enough about the potential value of data and predictions for the data analytics market. So it seems like a natural progression that the rights to use aggregated, de-identified data provided or generated in connection with service relationships are in the spotlight. Procurement outsourcers want to leverage the cost and payment data they receive from suppliers on behalf of clients to benchmark what is "market." Human resources service providers want to leverage data regarding employee behavior and acceptability (such as with self-help) to enhance their services and improve the user experience. Information technology service providers want to aggregate performance data, including service-level commitments, to demonstrate and market their best-in-breed systems and processes. So, what do customers need to think about when a vendor requests a provision stating that it can use the customer's data in an aggregated, de-identified form? Set forth below are five key questions for customers to consider.

With its latest iOS release, Apple may have charted a new course for the payment industry. On October 20, the company rolled out its new payment service, Apple Pay, to users of the iPhone 6 and iPhone 6 Plus. Apple Pay uses near-field communication (NFC) and tokenization technology with the iPhone’s built-in fingerprint reader to provide what experts say is a more secure payment method than traditional credit cards.

Companies spend millions of dollars on third-party software products to automate and integrate their operations—from operating systems (OS) for mainframe and distributed systems, to enterprise resource planning (ERP) software, to end user applications. For companies with software and systems shared across business units, implementing corporate changes, such as a divestiture, can be a challenge. Few companies have software strategies—or contractual provisions to support such strategies—that enable them to implement a divestiture without significant diligence, including the following:

  • Identification of business unit dedicated and shared software
  • Review of contract terms that allow for assignment (in whole or in part)
  • Review of contract terms that allow for use as part of post-divestiture transition services
  • Development of a software vendor communication plan and, if necessary, negotiation approach

We spend a significant amount of time working with clients to perform software diligence in contemplation of a divestiture or similar corporate action. Set forth below are a few pointers for lawyers and contract and sourcing professionals to consider when licensing software, managing software portfolios, and engaging in pre- and post-divestiture activities.

Information Services Group (ISG) predicts an increase in outsourcing transaction activity for quarter four of 2014. Despite a slow third quarter, ISG expects the outsourcing industry’s busy fourth quarter to create double-digit growth in global annual contract value compared to 2013. It also forecasts this pickup in deal activity to continue into 2015.

In its analysis of the Americas region, the only region with year-over-year third-quarter growth, ISG noted that higher information technology outsourcing contract counts through the first nine months of 2014 reflect the trend toward more contracts and increased multisourcing. ISG also highlighted significant business process outsourcing growth in the financial services, energy, and manufacturing industries.

Check out the full Global ISG Outsourcing Index here.

Over the last two weeks, we discussed contract provisions designed to address the implementation of preventive security measures, as well as responding to security incidents. Our third and final blog post in this series focuses on contractual provisions that address the allocation of liability for breaches that result in security incidents.

Because of the potential for large-scale damages from a security incident, customers and service providers are generally very focused on the allocation of liability in indemnification and liability provisions. Below we list some key issues to consider when drafting these contract provisions.